Particle.news

Trust Wallet Pledges Refunds After Malicious Chrome Extension Update Steals About $7 Million

Investigators say the 2.68 update exfiltrated recovery phrases to an attacker domain.

Overview

  • Trust Wallet said the breach was confined to Chrome extension version 2.68, urged users to disable it and upgrade to 2.69 from the official Chrome Web Store, and confirmed mobile apps were not affected.
  • Binance founder Changpeng Zhao and Trust Wallet put losses at roughly $7 million and committed to fully reimburse impacted users as the company finalizes the refund process.
  • Security firms including SlowMist and PeckShield reported malicious source-code changes in v2.68 that sent decrypted mnemonics to api.metrics-trustwallet.com, leveraging the posthog-js library.
  • Analysts tracked stolen assets across Bitcoin, EVM chains and Solana, with more than $4 million funneled through ChangeNOW, FixedFloat and KuCoin and about $2.8 million observed still in attacker wallets at one point.
  • Researchers also flagged phishing domains such as fix-trustwallet.com, and users are advised to update only via the official listing, avoid opening v2.68 before updating, and move funds to new wallets with fresh seed phrases if exposed.
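
For defenders triaging exposure, the sketch below is an added example, not code from Trust Wallet or the security firms cited. It flags DNS lookups of the two domains named above and classifies an extension manifest by version. The log line format, sample data and function names are assumptions, and the caller is expected to locate the extension's manifest.json.

```python
import json

# Indicators as reported in the article above.
IOC_DOMAINS = ("api.metrics-trustwallet.com", "fix-trustwallet.com")
AFFECTED = [2, 68]  # extension version named as compromised; 2.69 is the fix

def normalize(host):
    return host.strip().rstrip(".").lower()

def matches_ioc(host):
    """Match an IoC domain or any subdomain of it, on label boundaries only."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in IOC_DOMAINS)

def scan_dns_log(lines):
    """Return (timestamp, client, qname) for each query to an IoC domain.
    Assumed line format: '<timestamp> <client-ip> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and matches_ioc(parts[2]):
            hits.append((parts[0], parts[1], normalize(parts[2])))
    return hits

def manifest_status(manifest_text):
    """Classify the text of the extension's manifest.json by its version field."""
    try:
        ver = [int(p) for p in str(json.loads(manifest_text)["version"]).split(".")]
    except (ValueError, KeyError, TypeError):
        return "unreadable"
    while len(ver) > 1 and ver[-1] == 0:  # treat 2.68.0 the same as 2.68
        ver.pop()
    if ver == AFFECTED:
        return "affected"
    return "fixed" if ver > AFFECTED else "older"

# Constructed sample data (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    "2025-01-01T10:00:00Z 192.0.2.10 api.metrics-trustwallet.com.",
    "2025-01-01T10:00:05Z 192.0.2.11 trustwallet.com",
    "2025-01-01T10:01:00Z 192.0.2.12 WWW.Fix-TrustWallet.com",
    "2025-01-01T10:02:00Z 192.0.2.13 notfix-trustwallet.com",
    "2025-01-01T10:03:00Z 192.0.2.14 api.metrics-trustwallet.com.example.org",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print("IoC lookup:", *hit)
    print(manifest_status('{"name": "Trust Wallet", "version": "2.68"}'))
```

A host that both reports "affected" and appears in the lookup hits is the case the article's advice addresses: treat the seed phrase as exposed and move funds to a new wallet.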